Bump freedns plugin

2025-07-03 00:26:51 +00:00 · 2024-10-17 12:57:49 +10:00
46 changed files with 84 additions and 354 deletions
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@ -570,7 +570,6 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
-			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@ -833,7 +832,6 @@ const internalCertificate = {

 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
-			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@ -875,7 +873,6 @@ const internalCertificate = {

 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
-			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -972,7 +969,6 @@ const internalCertificate = {

 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
-			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -1006,7 +1002,6 @@ const internalCertificate = {

 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
-			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@ -1037,10 +1032,9 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-		
+
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
-			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +
--- a/backend/internal/host.js
+++ b/backend/internal/host.js
@ -228,32 +228,8 @@ const internalHost = {
 		}

 		return response;
-	},
-
-	/**
-	 * Internal use only, checks to see if the there is another default server record
-	 *
-	 * @param   {String}   hostname
-	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
-	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
-	 * @returns {Promise}
-	 */
-	checkDefaultServerNotExist: function (hostname) {
-		let promises = proxyHostModel
-			.query()
-			.where('default_server', true)
-			.andWhere('domain_names', 'not like', '%' + hostname + '%');
-
-		
-		return Promise.resolve(promises)
-			.then((promises_results) => {
-				if (promises_results.length > 0){
-					return false;
-				}
-				return true;
-			});
-		
 	}
+
 };

 module.exports = internalHost;
--- a/backend/internal/nginx.js
+++ b/backend/internal/nginx.js
@ -185,7 +185,7 @@ const internalNginx = {
 		// Prevent modifying the original object:
 		let host             = JSON.parse(JSON.stringify(host_row));
 		const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);
-		
+
 		if (config.debug()) {
 			logger.info('Generating ' + nice_host_type + ' Config:', JSON.stringify(host, null, 2));
 		}
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@ -43,22 +43,6 @@ const internalProxyHost = {
 						});
 					});
 			})
-			.then(() => {
-				// Get a list of the domain names and check each of them against default records
-				if (data.default_server){
-					if (data.domain_names.length > 1) {
-						throw new error.ValidationError('Default server cant be set for multiple domain!');
-					}
-	
-					return internalHost
-						.checkDefaultServerNotExist(data.domain_names[0])
-						.then((result) => {
-							if (!result){
-								throw new error.ValidationError('One default server already exists');
-							}
-						});
-				}
-			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@ -156,22 +140,6 @@ const internalProxyHost = {
 						});
 				}
 			})
-			.then(() => {
-				// Get a list of the domain names and check each of them against default records
-				if (data.default_server){
-					if (data.domain_names.length > 1) {
-						throw new error.ValidationError('Default server cant be set for multiple domain!');
-					}
-	
-					return internalHost
-						.checkDefaultServerNotExist(data.domain_names[0])
-						.then((result) => {
-							if (!result){
-								throw new error.ValidationError('One default server already exists');
-							}
-						});
-				}
-			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@ -184,7 +152,6 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
-						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {
--- a/backend/internal/token.js
+++ b/backend/internal/token.js
@ -5,8 +5,6 @@ const authModel  = require('../models/auth');
 const helpers    = require('../lib/helpers');
 const TokenModel = require('../models/token');

-const ERROR_MESSAGE_INVALID_AUTH = 'Invalid email or password';
-
 module.exports = {

 	/**
@ -71,15 +69,15 @@ module.exports = {
 													};
 												});
 										} else {
-											throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+											throw new error.AuthError('Invalid password');
 										}
 									});
 							} else {
-								throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+								throw new error.AuthError('No password auth for user');
 							}
 						});
 				} else {
-					throw new error.AuthError(ERROR_MESSAGE_INVALID_AUTH);
+					throw new error.AuthError('No relevant user found');
 				}
 			});
 	},
--- a/backend/migrations/20241209062244_ssl_key_type.js
+++ b/backend/migrations/20241209062244_ssl_key_type.js
@ -1,39 +0,0 @@
-const migrate_name = 'identifier_for_migrate';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate
- *
- * @see http://knexjs.org/#Schema
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.up = function (knex) {
-
-	logger.info(`[${migrate_name}] Migrating Up...`);
-
-	return knex.schema.alterTable('proxy_host', (table) => {
-		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
-	}).then(() => {
-		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
-	});
-};
-
-/**
- * Undo Migrate
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info(`[${migrate_name}] Migrating Down...`);
-
-	return knex.schema.alterTable('proxy_host', (table) => {
-		table.dropColumn('ssl_key_type');
-	}).then(() => {
-		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
-	});
-};
--- a/backend/migrations/20241211081223_ssl_key_type_in_proxy.js
+++ b/backend/migrations/20241211081223_ssl_key_type_in_proxy.js
@ -1,39 +0,0 @@
-const migrate_name = 'identifier_for_migrate';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate
- *
- * @see http://knexjs.org/#Schema
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.up = function (knex) {
-
-	logger.info(`[${migrate_name}] Migrating Up...`);
-
-	return knex.schema.alterTable('certificate', (table) => {
-		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
-	}).then(() => {
-		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
-	});
-};
-
-/**
- * Undo Migrate
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info(`[${migrate_name}] Migrating Down...`);
-
-	return knex.schema.alterTable('certificate', (table) => {
-		table.dropColumn('ssl_key_type');
-	}).then(() => {
-		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
-	});
-};
--- a/backend/migrations/20241221201400_default_server.js
+++ b/backend/migrations/20241221201400_default_server.js
@ -1,40 +0,0 @@
-const migrate_name = 'identifier_for_migrate';
-const logger       = require('../logger').migrate;
-
-/**
- * Migrate Up
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.up = function (knex) {
-	logger.info(`[${migrate_name}] Migrating Up...`);
-
-	// Add default_server column to proxy_host table
-	return knex.schema.table('proxy_host', (table) => {
-		table.boolean('default_server').notNullable().defaultTo(false);
-	})
-		.then(() => {
-			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
-		});
-};
-
-/**
- * Migrate Down
- *
- * @param {Object} knex
- * @param {Promise} Promise
- * @returns {Promise}
- */
-exports.down = function (knex) {
-	logger.info(`[${migrate_name}] Migrating Down...`);
-
-	// Remove default_server column from proxy_host table
-	return knex.schema.table('proxy_host', (table) => {
-		table.dropColumn('default_server');
-	})
-		.then(() => {
-			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
-		});
-};
--- a/backend/models/proxy_host.js
+++ b/backend/models/proxy_host.js
@ -21,7 +21,6 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
-	'default_server',
 ];

 class ProxyHost extends Model {
--- a/backend/schema/components/certificate-object.json
+++ b/backend/schema/components/certificate-object.json
@ -41,15 +41,6 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
-		"ssl_key_type": {
-			"type": "string",
-			"enum": ["ecdsa", "rsa"],
-			"description": "Type of SSL key (either ecdsa or rsa)"
-		},
-		"default_server": {
-			"type": "boolean",
-			"description": "Defines if the server is the default for unmatched requests"
-		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,
--- a/backend/schema/components/proxy-host-object.json
+++ b/backend/schema/components/proxy-host-object.json
@ -23,8 +23,6 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
-		"ssl_key_type",
-		"default_server",
 		"certificate"
 	],
 	"additionalProperties": false,
@ -151,15 +149,6 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
-		},
-		"ssl_key_type": {
-			"type": "string",
-			"enum": ["ecdsa", "rsa"],
-			"description": "Type of SSL key (either ecdsa or rsa)"
-		},
-		"default_server": {
-			"type": "boolean",
-			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }
--- a/backend/schema/components/stream-object.json
+++ b/backend/schema/components/stream-object.json
@ -19,9 +19,7 @@
 		"incoming_port": {
 			"type": "integer",
 			"minimum": 1,
-			"maximum": 65535,
-			"if": {"properties": {"tcp_forwarding": {"const": true}}},
-			"then": {"not": {"oneOf": [{"const": 80}, {"const": 443}]}}
+			"maximum": 65535
 		},
 		"forwarding_host": {
 			"anyOf": [
--- a/backend/schema/paths/nginx/access-lists/listID/put.json
+++ b/backend/schema/paths/nginx/access-lists/listID/put.json
@ -49,7 +49,8 @@
 										"minLength": 1
 									},
 									"password": {
-										"type": "string"
+										"type": "string",
+										"minLength": 1
 									}
 								}
 							}
--- a/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
+++ b/backend/schema/paths/nginx/proxy-hosts/hostID/put.json
@ -79,12 +79,6 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
-						},
-						"ssl_key_type": {
-							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
-						},
-						"default_server": {
-							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}
--- a/backend/schema/paths/nginx/proxy-hosts/post.json
+++ b/backend/schema/paths/nginx/proxy-hosts/post.json
@ -67,12 +67,6 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
-						},
-						"ssl_key_type": {
-							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
-						},
-						"default_server": {
-							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@ -4,7 +4,7 @@
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};

-    {% if access_list.pass_auth == 0 or access_list.pass_auth == true %}
+    {% if access_list.pass_auth == 0 %}
    proxy_set_header Authorization "";
    {% endif %}

@ -17,7 +17,7 @@
    deny all;

    # Access checks must...
-    {% if access_list.satisfy_any == 1 or access_list.satisfy_any == true %}
+    {% if access_list.satisfy_any == 1 %}
    satisfy any;
    {% else %}
    satisfy all;
--- a/backend/templates/_listen.conf
+++ b/backend/templates/_listen.conf
@ -1,20 +1,15 @@
-listen 80{% if default_server == true %} default_server{% endif %};
+  listen 80;
 {% if ipv6 -%}
-  listen [::]:80{% if default_server == true %} default_server{% endif %};
+  listen [::]:80;
 {% else -%}
  #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl{% if default_server == true %} default_server{% endif %};
+  listen 443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
+  listen [::]:443 ssl{% if http2_support == 1 or http2_support == true %} http2{% endif %};
 {% else -%}
  #listen [::]:443;
 {% endif %}
 {% endif %}
  server_name {{ domain_names | join: " " }};
-{% if http2_support == 1 or http2_support == true %}
-  http2 on;
-{% else -%}
-  http2 off;
-{% endif %}
--- a/backend/templates/_location.conf
+++ b/backend/templates/_location.conf
@ -7,7 +7,11 @@
    proxy_set_header X-Forwarded-For    $remote_addr;
    proxy_set_header X-Real-IP		$remote_addr;

-    proxy_pass       {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }};
+    set $proxy_forward_scheme {{ forward_scheme }};
+    set $proxy_server         "{{ forward_host }}";
+    set $proxy_port           {{ forward_port }};
+
+    proxy_pass       $proxy_forward_scheme://$proxy_server:$proxy_port{{ forward_path }};

    {% include "_access.conf" %}
    {% include "_assets.conf" %}
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@ -830,9 +830,9 @@ crc32-stream@^4.0.2:
    readable-stream "^3.4.0"

 cross-spawn@^7.0.2:
-  version "7.0.6"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
-  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  version "7.0.3"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
+  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
  dependencies:
    path-key "^3.1.0"
    shebang-command "^2.0.0"
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -53,11 +53,9 @@ COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager
 # Remove frontend service not required for prod, dev nginx config as well
 RUN rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/frontend /etc/nginx/conf.d/dev.conf \
 	&& chmod 644 /etc/logrotate.d/nginx-proxy-manager
-COPY docker/start-container /usr/local/bin/start-container
-RUN chmod +x /usr/local/bin/start-container

 VOLUME [ "/data" ]
-ENTRYPOINT [ "start-container" ]
+ENTRYPOINT [ "/init" ]

 LABEL org.label-schema.schema-version="1.0" \
 	org.label-schema.license="MIT" \
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@ -35,8 +35,5 @@ RUN rm -f /etc/nginx/conf.d/production.conf \
 COPY --from=pebbleca /test/certs/pebble.minica.pem /etc/ssl/certs/pebble.minica.pem
 COPY --from=testca /home/step/certs/root_ca.crt /etc/ssl/certs/NginxProxyManager.crt

-COPY start-container /usr/local/bin/start-container
-RUN chmod +x /usr/local/bin/start-container
-
 EXPOSE 80 81 443
-ENTRYPOINT [ "start-container" ]
+ENTRYPOINT [ "/init" ]
--- a/docker/dev/letsencrypt.ini
+++ b/docker/dev/letsencrypt.ini
@ -1,5 +1,7 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
+key-type = ecdsa
+elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
 server =
--- a/docker/rootfs/etc/letsencrypt.ini
+++ b/docker/rootfs/etc/letsencrypt.ini
@ -1,4 +1,6 @@
 text = True
 non-interactive = True
 webroot-path = /data/letsencrypt-acme-challenge
+key-type = ecdsa
+elliptic-curve = secp384r1
 preferred-chain = ISRG Root X1
--- a/docker/rootfs/etc/nginx/conf.d/include/assets.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/assets.conf
@ -1,4 +1,4 @@
-location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|woff2|eot|ttf|svg|ico|css\.map|js\.map)$ {
+location ~* ^.*\.(css|js|jpe?g|gif|png|webp|woff|eot|ttf|svg|ico|css\.map|js\.map)$ {
 	if_modified_since off;

 	# use the public cache
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
@ -3,7 +3,5 @@ ssl_session_cache shared:SSL:50m;

 # intermediate configuration. tweak to your needs.
 ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers "ALL:RC4-SHA:AES128-SHA:AES256-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:RSA-AES256-CBC-SHA:RC4-MD5:DES-CBC3-SHA:AES256-SHA:RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
 ssl_prefer_server_ciphers off;
-ssl_ecdh_curve X25519:prime256v1:secp384r1;
-ssl_dhparam /etc/ssl/certs/dhparam.pem;
--- a/docker/start-container
+++ b/docker/start-container
@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-FILE="/etc/ssl/certs/dhparam.pem"
-
-if [ ! -f "$FILE" ]; then
-    echo "the $FILE does not exist, creating..."
-    openssl dhparam -out "$FILE" 2048
-else
-    echo "the $FILE already exists, skipping..."
-fi
-
-echo "run default script"
-exec /init
--- a/docs/src/advanced-config/index.md
+++ b/docs/src/advanced-config/index.md
@ -50,6 +50,7 @@ networks:
 Let's look at a Portainer example:

 ```yml
+version: '3.8'
 services:

  portainer:
@ -91,6 +92,8 @@ This image supports the use of Docker secrets to import from files and keep sens
 You can set any environment variable from a file by appending `__FILE` (double-underscore FILE) to the environmental variable name.

 ```yml
+version: '3.8'
+
 secrets:
  # Secrets are single-line text files where the sole content is the secret
  # Paths in this example assume that secrets are kept in local folder called ".secrets"
--- a/docs/src/setup/index.md
+++ b/docs/src/setup/index.md
@ -9,6 +9,7 @@ outline: deep
 Create a `docker-compose.yml` file:

 ```yml
+version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -54,6 +55,7 @@ are going to use.
 Here is an example of what your `docker-compose.yml` will look like when using a MariaDB container:

 ```yml
+version: '3.8'
 services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
@ -135,13 +137,5 @@ Email:    admin@example.com
 Password: changeme
 ```

-Immediately after logging in with this default user you will be asked to modify your details and change your password. You can change defaults with:
-
-
-```
-    environment:
-      INITIAL_ADMIN_EMAIL: my@example.com
-      INITIAL_ADMIN_PASSWORD: mypassword1
-```
-
+Immediately after logging in with this default user you will be asked to modify your details and change your password.

--- a/frontend/js/app/dashboard/main.js
+++ b/frontend/js/app/dashboard/main.js
@ -50,7 +50,8 @@ module.exports = Mn.View.extend({
    onRender: function () {
        let view = this;

-        Api.Reports.getHostStats()
+        if (typeof view.stats.hosts === 'undefined') {
+            Api.Reports.getHostStats()
                .then(response => {
                    if (!view.isDestroyed()) {
                        view.stats.hosts = response;
@ -60,6 +61,7 @@ module.exports = Mn.View.extend({
                .catch(err => {
                    console.log(err);
                });
+        }
    },

    /**
--- a/frontend/js/app/nginx/access/list/item.ejs
+++ b/frontend/js/app/nginx/access/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/certificates/list/item.ejs
+++ b/frontend/js/app/nginx/certificates/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/dead/list/item.ejs
+++ b/frontend/js/app/nginx/dead/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/proxy/form.ejs
+++ b/frontend/js/app/nginx/proxy/form.ejs
@ -72,7 +72,7 @@
                                </label>
                            </div>
                        </div>
-                        <div class="col-sm-6 col-md-6">
+                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
                                <label class="custom-switch">
                                    <input type="checkbox" class="custom-switch-input" name="allow_websocket_upgrade" value="1"<%- allow_websocket_upgrade ? ' checked' : '' %>>
@ -81,15 +81,6 @@
                                </label>
                            </div>
                        </div>
-                        <div class="col-sm-6 col-md-6">
-                            <div class="form-group">
-                                <label class="custom-switch">
-                                    <input type="checkbox" class="custom-switch-input" name="default_server" value="1"<%- default_server ? ' checked' : '' %>>
-                                    <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('proxy-hosts', 'default-server') %></span>
-                                </label>
-                            </div>
-                        </div>

                        <div class="col-sm-12 col-md-12">
                            <div class="form-group">
@ -114,15 +105,6 @@
                                </select>
                            </div>
                        </div>
-                        <div class="col-sm-12 col-md-12">
-                            <div class="form-group">
-                                <label class="form-label"><%- i18n('all-hosts', 'ssl-key-type') %></label>
-                                <select name="ssl_key_type" class="form-control custom-select">
-                                    <option value="ecdsa" data-data="{&quot;id&quot;:&quot;ecdsa&quot;}" <%- ssl_key_type == 'ecdsa' ? 'selected' : '' %>>ECDSA</option>
-                                    <option value="rsa" data-data="{&quot;id&quot;:&quot;rsa&quot;}" <%- ssl_key_type == 'rsa' ? 'selected' : '' %>>RSA</option>
-                                </select>
-                            </div>
-                        </div>
                        <div class="col-sm-6 col-md-6">
                            <div class="form-group">
                                <label class="custom-switch">
--- a/frontend/js/app/nginx/proxy/form.js
+++ b/frontend/js/app/nginx/proxy/form.js
@ -167,7 +167,6 @@ module.exports = Mn.View.extend({
            data.hsts_enabled            = !!data.hsts_enabled;
            data.hsts_subdomains         = !!data.hsts_subdomains;
            data.ssl_forced              = !!data.ssl_forced;
-            data.default_server          = !!data.default_server;
            
            if (typeof data.meta === 'undefined') data.meta = {};
            data.meta.letsencrypt_agree = data.meta.letsencrypt_agree == 1;
--- a/frontend/js/app/nginx/proxy/list/item.ejs
+++ b/frontend/js/app/nginx/proxy/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/redirection/list/item.ejs
+++ b/frontend/js/app/nginx/redirection/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/nginx/stream/list/item.ejs
+++ b/frontend/js/app/nginx/stream/list/item.ejs
@ -1,6 +1,6 @@
 <td class="text-center">
-    <div class="avatar d-block" style="background-image: url(<%- (owner && owner.avatar) || '/images/default-avatar.jpg' %>)" title="Owned by <%- (owner && owner.name) || 'a deleted user' %>">
-        <span class="avatar-status <%- owner && !owner.is_disabled ? 'bg-green' : 'bg-red' %>"></span>
+    <div class="avatar d-block" style="background-image: url(<%- owner.avatar || '/images/default-avatar.jpg' %>)" title="Owned by <%- owner.name %>">
+        <span class="avatar-status <%- owner.is_disabled ? 'bg-red' : 'bg-green' %>"></span>
    </div>
 </td>
 <td>
--- a/frontend/js/app/user/form.ejs
+++ b/frontend/js/app/user/form.ejs
@ -1,10 +1,10 @@
 <div class="modal-content">
-    <form>
-        <div class="modal-header">
-            <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
-            <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
-        </div>
-        <div class="modal-body">
+    <div class="modal-header">
+        <h5 class="modal-title"><%- i18n('users', 'form-title', {id: id}) %></h5>
+        <button type="button" class="close cancel" aria-label="Close" data-dismiss="modal">&nbsp;</button>
+    </div>
+    <div class="modal-body">
+        <form>
            <div class="row">
                <div class="col-sm-6 col-md-6">
                    <div class="form-group">
@ -49,10 +49,10 @@
                </div>
                <% } %>
            </div>
-        </div>
-        <div class="modal-footer">
-            <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
-            <button type="submit" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
-        </div>
-    </form>
+        </form>
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-secondary cancel" data-dismiss="modal"><%- i18n('str', 'cancel') %></button>
+        <button type="button" class="btn btn-teal save"><%- i18n('str', 'save') %></button>
+    </div>
 </div>
--- a/frontend/js/app/user/form.js
+++ b/frontend/js/app/user/form.js
@ -19,7 +19,7 @@ module.exports = Mn.View.extend({

    events: {

-        'submit @ui.form': function (e) {
+        'click @ui.save': function (e) {
            e.preventDefault();
            this.ui.error.hide();
            let view = this;
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@ -77,7 +77,6 @@
      "block-exploits": "Block Common Exploits",
      "caching-enabled": "Cache Assets",
      "ssl-certificate": "SSL Certificate",
-      "ssl-key-type": "SSL Key Type",
      "none": "None",
      "new-cert": "Request a new SSL Certificate",
      "with-le": "with Let's Encrypt",
@ -132,7 +131,6 @@
      "help-content": "A Proxy Host is the incoming endpoint for a web service that you want to forward.\nIt provides optional SSL termination for your service that might not have SSL support built in.\nProxy Hosts are the most common use for the Nginx Proxy Manager.",
      "access-list": "Access List",
      "allow-websocket-upgrade": "Websockets Support",
-      "default-server": "Default Server",
      "ignore-invalid-upstream-ssl": "Ignore Invalid SSL",
      "custom-forward-host-help": "Add a path for sub-folder forwarding.\nExample: 203.0.113.25/path/",
      "search": "Search Host…"
--- a/frontend/js/models/dead-host.js
+++ b/frontend/js/models/dead-host.js
@ -10,8 +10,6 @@ const model = Backbone.Model.extend({
            modified_on:     null,
            domain_names:    [],
            certificate_id:  0,
-            ssl_key_type:    'ecdsa',
-            default_server:  false,
            ssl_forced:      false,
            http2_support:   false,
            hsts_enabled:    false,
--- a/frontend/js/models/proxy-host.js
+++ b/frontend/js/models/proxy-host.js
@ -14,8 +14,6 @@ const model = Backbone.Model.extend({
            forward_port:            null,
            access_list_id:          0,
            certificate_id:          0,
-            ssl_key_type:            'ecdsa',
-            default_server:          false,
            ssl_forced:              false,
            hsts_enabled:            false,
            hsts_subdomains:         false,
--- a/frontend/js/models/redirection-host.js
+++ b/frontend/js/models/redirection-host.js
@ -14,8 +14,6 @@ const model = Backbone.Model.extend({
            forward_domain_name: '',
            preserve_path:       true,
            certificate_id:      0,
-            ssl_key_type:        'ecdsa',
-            default_server:      false,
            ssl_forced:          false,
            hsts_enabled:        false,
            hsts_subdomains:     false,
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock
@ -2648,9 +2648,9 @@ electron-to-chromium@^1.3.47:
  integrity sha512-67V62Z4CFOiAtox+o+tosGfVk0QX4DJgH609tjT8QymbJZVAI/jWnAthnr8c5hnRNziIRwkc9EMQYejiVz3/9Q==

 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.6.0"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
-  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
+  version "6.5.7"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.7.tgz#8ec4da2cb2939926a1b9a73619d768207e647c8b"
+  integrity sha512-ESVCtTwiA+XhY3wyh24QqRGBoP3rEdDUl3EDUUo9tft074fi19IrdpH7hLCMMP3CIj7jb3W96rn8lt/BqIlt5Q==
  dependencies:
    bn.js "^4.11.9"
    brorand "^1.1.0"
--- a/global/certbot-dns-plugins.json
+++ b/global/certbot-dns-plugins.json
@ -7,7 +7,7 @@
 		"credentials": "dns_acmedns_api_url = http://acmedns-server/\ndns_acmedns_registration_file = /data/acme-registration.json",
 		"full_plugin_name": "dns-acmedns"
 	},
-	"active24":{
+    "active24":{
 		"name": "Active24",
 		"package_name": "certbot-dns-active24",
 		"version": "~=1.5.1",
@ -194,7 +194,7 @@
 	"freedns": {
 		"name": "FreeDNS",
 		"package_name": "certbot-dns-freedns",
-		"version": "~=0.1.0",
+		"version": "~=0.2.0",
 		"dependencies": "",
 		"credentials": "dns_freedns_username = myremoteuser\ndns_freedns_password = verysecureremoteuserpassword",
 		"full_plugin_name": "dns-freedns"
@ -303,14 +303,6 @@
 		"credentials": "dns_joker_username = <Dynamic DNS Authentication Username>\ndns_joker_password = <Dynamic DNS Authentication Password>\ndns_joker_domain = <Dynamic DNS Domain>",
 		"full_plugin_name": "dns-joker"
 	},
-	"leaseweb": {
-		"name": "LeaseWeb",
-		"package_name": "certbot-dns-leaseweb",
-		"version": "~=1.0.1",
-		"dependencies": "",
-		"credentials": "dns_leaseweb_api_token = 01234556789",
-		"full_plugin_name": "dns-leaseweb"
-	},
 	"linode": {
 		"name": "Linode",
 		"package_name": "certbot-dns-linode",
@ -432,13 +424,13 @@
 		"full_plugin_name": "dns-rfc2136"
 	},
 	"rockenstein": {
-		"name": "rockenstein AG",
-		"package_name": "certbot-dns-rockenstein",
-		"version": "~=1.0.0",
-		"dependencies": "",
-		"credentials": "dns_rockenstein_token=<token>",
-		"full_plugin_name": "dns-rockenstein"
-	},
+                "name": "rockenstein AG",
+                "package_name": "certbot-dns-rockenstein",
+                "version": "~=1.0.0",
+                "dependencies": "",
+                "credentials": "dns_rockenstein_token=<token>",
+                "full_plugin_name": "dns-rockenstein"
+        },
 	"route53": {
 		"name": "Route 53 (Amazon)",
 		"package_name": "certbot-dns-route53",
--- a/test/yarn.lock
+++ b/test/yarn.lock
@ -132,9 +132,9 @@
  integrity sha512-BsWiH1yFGjXXS2yvrf5LyuoSIIbPrGUWob917o+BTKuZ7qJdxX8aJLRxs1fS9n6r7vESrq1OUqb68dANcFXuQQ==

 "@eslint/plugin-kit@^0.2.0":
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.3.tgz#812980a6a41ecf3a8341719f92a6d1e784a2e0e8"
-  integrity sha512-2b/g5hRmpbb1o4GnTZax9N9m0FXzz9OV42ZzI4rDDMDuHUqigAiQCEWChBWCY4ztAGVRjoWT19v0yMmc5/L5kA==
+  version "0.2.0"
+  resolved "https://registry.yarnpkg.com/@eslint/plugin-kit/-/plugin-kit-0.2.0.tgz#8712dccae365d24e9eeecb7b346f85e750ba343d"
+  integrity sha512-vH9PiIMMwvhCx31Af3HiGzsVNULDbyVkHXwlemn/B0TFj/00ho3y55efXrUZTfQipxoHC5u4xq6zblww1zm1Ig==
  dependencies:
    levn "^0.4.1"

@ -628,9 +628,9 @@ core-util-is@1.0.2:
  integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=

 cross-spawn@^7.0.0, cross-spawn@^7.0.2:
-  version "7.0.6"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
-  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  version "7.0.3"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
+  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
  dependencies:
    path-key "^3.1.0"
    shebang-command "^2.0.0"